9923923

Secure Transport Channel Using Multiple Cipher Suites

Published: March 20, 2018
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
23 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method comprising: receiving, from a client computer system, a message to perform a handshake process to establish a cryptographically protected communications session, the message specifying: a first list of cipher suites supported by the client computer system for receiving, via the cryptographically protected communications session, messages; and a second list of cipher suites supported by the client computer system for transmitting, via the cryptographically protected communications session, messages; obtaining: a third list of cipher suites supported for transmitting, via the cryptographically protected communications session, messages, the third list being different from the first list; and a fourth list of cipher suites supported for receiving, via the cryptographically protected communications session, messages, the fourth list being different from the second list; selecting a first cipher suite for transmitting messages to the client computer system via the cryptographically protected communication session, the first cipher suite being a member of the first list and a member of the third list wherein the first cipher suite for transmitting messages to the client computer system via the cryptographically protected communication session is different from a second cipher suite; selecting the second cipher suite for receiving messages from the client computer system via the cryptographically protected communication session, the second cipher suite being a member of the second list and a member of the fourth list; and completing the handshake process to establish the cryptographically protected communications session such that the cryptographically protected communications session utilizes the first cipher suite for transmissions to the client computer system and utilizes the second selected cipher suite for receiving transmissions from the client computer system.

2. The computer-implemented method of claim 1, wherein the cryptographically protected communications session comprises at least 70 percent of the messages in accordance with Transport Layer Security version 1.2.

3. The computer-implemented method of claim 1, wherein communications according to the first cipher suite are encrypted and communications according to the second cipher suite are unencrypted.

4. The computer-implemented method of claim 1, wherein: the first list of cipher suites is ordered by a first ranking and the second list of cipher suites is ordered by a second ranking; selecting the first cipher suite is based at least in part on the first ranking; and selecting the second cipher suite is based at least in part on the second ranking.

5. The computer-implemented method of claim 1, wherein selecting the first cipher suite and the second cipher suite is based at least in part on metadata of a connection with the client computer system.

6. A system, comprising memory storing computer-executable instructions that, as a result of being performed by one or more processors, cause the system to at least: receive, from a client computer system, a message to perform a handshake process to establish a cryptographically protected communications session, the message specifying: a first list of cipher suites supported by the client computer system for receiving, via the cryptographically protected communications session, messages; and a second list of cipher suites supported by the client computer system for transmitting, via the cryptographically protected communications session, messages; obtain: a third list of cipher suites supported for transmitting, via the cryptographically protected communications session, messages, the third list being different from the first list; and a fourth list of cipher suites supported for receiving, via the cryptographically protected communications session, messages, the fourth list being different from the second list; select a first cipher suite for transmitting messages to the client computer system via the cryptographically protected communication session, the first cipher suite being a member of the first list and a member of the third list wherein the first cipher suite for transmitting messages to the client computer system via the cryptographically protected communication session is different from a second cipher suite; select the second cipher suite for receiving messages from the client computer system via the cryptographically protected communication session, the second cipher suite being a member of the second list and a member of the fourth list; and complete the handshake process to establish the cryptographically protected communications session such that the cryptographically protected communications session utilizes the first cipher suite for transmissions to the client computer system and utilizes the second cipher suite for receiving transmissions from the client computer system.

7. The system of claim 6, wherein the system communicates over the cryptographically protected communications session such that a set of data communicated over the cryptographically protected communications session is cryptographically protected according to a third cipher suite.

8. The system of claim 6, wherein: the message includes a first set of data and a second set of data; the first cipher suite is associated with a first use context; the second cipher suite is associated with a second use context; and the first set of data is transmitted in the first use context and the second set of data is transmitted in the second use context.

9. The system of claim 6, wherein the system selects the first cipher suite and the second cipher suite based at least in part on metadata of a connection with the client computer system.

10. The system of claim 9, wherein the metadata includes a geolocation.

11. The system of claim 9, wherein the metadata includes a connection latency value.

12. The system of claim 9, wherein the metadata includes a connection bandwidth.

13. The system of claim 6, wherein the at least one computing device is further configured to: receive a request; determine a first security level for a first part of the request; determine a second security level for a second part of the request; and wherein the first cipher suite is determined based at least in part on the first part of the request and the second cipher suite is determined based at least in part on the second part of the request.

14. The system of claim 6, wherein the handshake process results in an indexed set of cipher suites and individual records of the cryptographically protected communications session are configured to indicate which of the indexed set of cipher suites is being used.

15. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least: receive, from a client computer system, a message to perform a handshake process to establish a cryptographically protected communications session, the message specifying: a first list of cipher suites supported by the client computer system for receiving, via the cryptographically protected communications session, messages; and a second list of cipher suites supported by the client computer system for transmitting, via the cryptographically protected communications session, messages; obtain: a third list of cipher suites supported for transmitting, via the cryptographically protected communications session, messages, the third list being different from the first list; and a fourth list of cipher suites supported for receiving, via the cryptographically protected communications session, messages, the fourth list being different from the second list; select a first cipher suite for transmitting messages to the client computer system via the cryptographically protected communication session, the first cipher suite being a member of the first list and a member of the third list wherein the first cipher suite for transmitting messages to the client computer system via the cryptographically protected communication session is different from a second cipher suite; select the second cipher suite for receiving messages from the client computer system via the cryptographically protected communication session, the second cipher suite being a member of the second list and a member of the fourth list; and complete the handshake process to establish the cryptographically protected communications session such that the cryptographically protected communications session utilizes the first cipher suite for transmissions to the client computer system and utilizes the second cipher suite for receiving transmissions from the client computer system.

16. The non-transitory computer-readable storage medium of claim 15, wherein the executable instructions are further configured to cause the computer system to at least communicate over the cryptographically protected communications session using a third cipher suite.

17. The non-transitory computer-readable storage medium of claim 15, the first cipher suite is used in a first use context and the second cipher suite is used in a second use context.

18. The non-transitory computer-readable storage medium of claim 17, wherein the executable instructions further cause the computer system to at least: receive a request; determine a first security level for a first part of the request; determine a second security level for a second part of the request; and wherein the first cipher suite is selected based at least in part on the first part of the request and the second cipher suite is selected based at least in part on the second part of the request.

19. The non-transitory computer-readable storage medium of claim 17, wherein the first cipher suite for use in the first use context is different from the second cipher suite for use in the second use context.

20. The non-transitory computer-readable storage medium of claim 15, wherein the first cipher suite and the second cipher suite are determined based at least in part on a connection metadata.

21. The non-transitory computer-readable storage medium of claim 20, wherein the connection metadata includes an Internet connection type.

22. The non-transitory computer-readable storage medium of claim 20, wherein the connection metadata includes a hardware type.

23. The non-transitory computer-readable storage medium of claim 15, wherein the executable instructions further cause the computer system to send, in response to a request, a first partial completion message corresponding to a first part of a request and a second partial completion message corresponding to a second part of the request.
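The per-direction selection recited in claims 1 and 4 can be sketched as follows. This is an added example, not code from the patent or its inventors; the names `ClientHello`, `pick` and `negotiate`, the use of the client's list order as the ranking, and the sample suite lists are all assumptions made for illustration, and the sketch does not enforce claim 1's requirement that the two selected suites differ.

```python
from dataclasses import dataclass

class HandshakeFailure(Exception):
    """No cipher suite is acceptable to both sides for one direction."""

@dataclass(frozen=True)
class ClientHello:                 # hypothetical message shape
    receive_suites: tuple          # "first list": client can receive with these, ranked
    transmit_suites: tuple         # "second list": client can transmit with these, ranked

def pick(ranked_client_list, server_list, direction):
    """Return the highest-ranked client suite that the server also supports."""
    allowed = set(server_list)
    for suite in ranked_client_list:
        if suite in allowed:
            return suite
    raise HandshakeFailure(f"no common cipher suite for {direction}")

def negotiate(hello, server_transmit, server_receive):
    # Each direction is matched against its own pair of lists: what the server
    # transmits must be receivable by the client, and the reverse for uploads.
    first = pick(hello.receive_suites, server_transmit, "server->client")
    second = pick(hello.transmit_suites, server_receive, "client->server")
    return {"server_to_client": first, "client_to_server": second}

# Constructed sample lists (IANA suite names, chosen only for illustration).
AES256 = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
AES128 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
CHACHA = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
HELLO = ClientHello(receive_suites=(AES256, AES128),
                    transmit_suites=(CHACHA, AES128))
SERVER_TX = (AES128, AES256, CHACHA)   # "third list"
SERVER_RX = (CHACHA,)                  # "fourth list"

if __name__ == "__main__":
    print(negotiate(HELLO, SERVER_TX, SERVER_RX))
```

A session negotiated this way carries two independent protection levels, so policy checks and connection logs need to record the suite for each direction rather than a single value.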

Patent Metadata

Filing Date

Unknown

Publication Date

March 20, 2018

Inventors

Nima Sharifi Mehr
Darren Ernest Canavor
Jesper Mikael Johansson
Jon Arron McClintock
Gregory Branchek Roth
